MySQL Bugs: #29235: Using AutoGenerated keys with the MySQL Membership Provider causes an exception.

Bug #29235	Using AutoGenerated keys with the MySQL Membership Provider causes an exception.
Submitted:	20 Jun 2007 13:03	Modified:	2 Jul 2007 5:07
Reporter:	Avi Dorfman	Email Updates:
Status:	Closed	Impact on me:	None
Category:	Connector / NET	Severity:	S2 (Serious)
Version:	5.1.2.2	OS:	Windows
Assigned to:		CPU Architecture:	Any
Tags:	autogenerate, decryptionkey, isolateapps, machinekey, mysql.web.security, validationkey

Description:
When running an ASP.NET application under Visual Studio 2005 with it's validationKey and\or decryptionKey settings set to "AutoGenerate[,IsolateApps]" and not a key value, the MySQL Membership and Role Providers raise an exception while trying to encrypt, decrypt or hash data:
"Additional non-parsable characters are at the end of the string".

After looking deeper into the process, I noticed it is because the providers access the literal setting of the validation and decryption keys from the Web.config file, so they retrieve "AutoGenerate,IsolateApps" instead of the actual key, and fail to convert those strings into hexadecimal keys.

How to repeat:
1) Change your validationKey and decryptionKey settings in Web.config to "AutoGenerate,IsolateApps".
2) Define the MySQL Membership and\or Role providers for use in your web application.
3) Try to add a new user using the Membership.CreateUser method.

Suggested fix:
Manually replace the "AutoGenerate,IsolateApps" value with a real hexadecimal key.
(It's only a temporary fix)

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/29328

Fixed in 5.1.3

A note has been added to the 5.1.3 changelog: 

Using the membership/role providers when validationKey or decryptionKey parameters are set to AutoGenerate, an exception would be raised when accessing the corresponding values.